Project

General

Profile

Actions

Bug #11393

closed

segfault on trivial application, embedding in C app.

Added by scorpion007 (Alex Budovski) over 8 years ago. Updated over 8 years ago.

Status:
Third Party's Issue
Assignee:
-
Target version:
-
[ruby-core:70108]

Description

#include <ruby.h>
#include <stdio.h>
int main()
{
	ruby_setup();
	rb_load_file("abc");  // AV here
	ruby_cleanup(0);
}
  rbtest1.exe!rb_vm_bugreport(const void * ctx) Line 1024 C
  rbtest1.exe!rb_bug_context(const void * ctx, const char * fmt, ...) Line 422 C
  rbtest1.exe!sigsegv(int sig) Line 887 C
  [External Code]
  rbtest1.exe!rb_threadptr_tag_jump(rb_thread_struct * th, int st) Line 163 C
> rbtest1.exe!rb_ensure(unsigned __int64 (...) * b_proc, unsigned __int64 data1, unsigned __int64 (...) * e_proc, unsigned __int64 data2) Line 915 C
  rbtest1.exe!load_file(unsigned __int64 parser, unsigned __int64 fname, int script, cmdline_options * opt) Line 1779 C
  rbtest1.exe!rb_load_file_str(unsigned __int64 fname_v) Line 1794 C
  rbtest1.exe!rb_load_file(const char * fname) Line 1786 C
  rbtest1.exe!main() Line 7 C++

Tried using both stable 2.2.2 and git master
f965866f4f0a00c8179a1097e89fb4e61f71a92a

Win Server 2012 R2, VS 2013 Update 4. x64.

The AV was due to the following sequence of events, all revolving
around rb_ensure.

  1. PUSH_TAG(); creates a local _tag on the stack, and sets th->tag to
    its address.

  2. EXEC_TAG(); calls setjmp on this _tag object

  3. result = (*b_proc) (data1); fails with LoadError (calls
    load_file_internal with a nonexistent file, intentionally), setting
    state to 6.

  4. POP_TAG(); resets th->tag to NULL.

  5. if (state)
    	JUMP_TAG(state);
    

    executes, looks up the current thread, and tries to jump to

        ruby_longjmp(th->tag->buf, 1);
    

    but th->tag is NULL, due to (4) above! So we AV when trying to get th->tag->buf.

Updated by scorpion007 (Alex Budovski) over 8 years ago

Note that the file "abc" intentionally doesn't exist.

Updated by nobu (Nobuyoshi Nakada) over 8 years ago

  • Description updated (diff)
  • Status changed from Open to Third Party's Issue

In short; use rb_protect().

Ruby interpreter can't deal with exceptions raised outside its scope.
So you must do it by yourself instead.

#include <ruby.h>

static VALUE
load_file(VALUE name)
{
    return (VALUE)rb_load_file((const char *)name);
}

int
main(void)
{
    int state;
    ruby_setup();
    rb_protect(load_file, (VALUE)"abc", &state);
    ruby_cleanup(0);
    if (state) {
        fprintf(stderr, "load failed\n");
        return EXIT_FAILURE;
    }
    return EXIT_SUCCESS;
}

I'm not sure what you want to do with rb_load_file, though.
It just parses a script but evaluates nothing.

Updated by scorpion007 (Alex Budovski) over 8 years ago

Thanks!

That didn't AV.

I guess I misunderstood what rb_load_file meant. I couldn't find a definitive reference, and there are no comments in the code.

It seems like rb_require is the correct thing to use to run a script.

I tried making the change (this time to a real file):

#include <ruby.h>
#include <stdio.h>
#include <assert.h>

static VALUE
load_file(VALUE name)
{
	return (VALUE)rb_require((const char *)name);
}

int main(int argc, char** argv)
{
	int state;
	ruby_setup();
	rb_protect(load_file, (VALUE)"E:\\src\\rb\\a.rb", &state);
	ruby_cleanup(0);
	if (state) {
		fprintf(stderr, "load failed\n");
		return EXIT_FAILURE;
	}
	return EXIT_SUCCESS;
}

And now it AVs in cleanup:

>	ntdll.dll!RtlpEnterCriticalSectionContended(_RTL_CRITICAL_SECTION * CriticalSection) Line 1052	C
 	x64-msvcr120-ruby220.dll!rb_w32_write(int fd, const void * buf, unsigned __int64 size) Line 6539	C
 	x64-msvcr120-ruby220.dll!io_flush_buffer_sync(void * arg) Line 1013	C
 	x64-msvcr120-ruby220.dll!fptr_finalize(rb_io_t * fptr, int noraise) Line 4253	C
 	x64-msvcr120-ruby220.dll!rb_io_fptr_finalize(rb_io_t * fptr) Line 4353	C
 	x64-msvcr120-ruby220.dll!finalize_list(rb_objspace * objspace, unsigned __int64 zombie) Line 2479	C
 	x64-msvcr120-ruby220.dll!rb_objspace_call_finalizer(rb_objspace * objspace) Line 2630	C
 	x64-msvcr120-ruby220.dll!ruby_cleanup(volatile int ex) Line 232	C
 	rbtest1.exe!main(int argc, char * * argv) Line 19	C++

Updated by nobu (Nobuyoshi Nakada) over 8 years ago

You must call ruby_sysinit() first.

Actions #5

Updated by nobu (Nobuyoshi Nakada) over 8 years ago

  • Description updated (diff)
Actions #6

Updated by scorpion007 (Alex Budovski) over 8 years ago

Yes, ruby_sysinit() was the key! Thanks.

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0